{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:52:50Z","timestamp":1742914370078,"version":"3.40.3"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031514753"},{"type":"electronic","value":"9783031514760"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-51476-0_11","type":"book-chapter","created":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T07:02:29Z","timestamp":1704870149000},"page":"212-234","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Curveball+: Exploring Curveball-Like Vulnerabilities of\u00a0Implicit Certificate Validation"],"prefix":"10.1007","author":[{"given":"Yajun","family":"Teng","sequence":"first","affiliation":[]},{"given":"Wei","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Jun","family":"Shao","sequence":"additional","affiliation":[]},{"given":"Huiqing","family":"Wan","sequence":"additional","affiliation":[]},{"given":"Heqing","family":"Huang","sequence":"additional","affiliation":[]},{"given":"Yong","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Jingqiang","family":"Lin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,1,11]]},"reference":[{"key":"11_CR1","unstructured":"CertVerifyCertificateChainPolicy function (wincrypt.h) (2021). https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/wincrypt\/nf-wincrypt-certverifycertificatechainpolicy"},{"key":"11_CR2","unstructured":"Certificate key matcher (unknown). https:\/\/www.sslshopper.com\/certificate-key-matcher.html"},{"key":"11_CR3","unstructured":"Administration, C.E.: SM2 elliptic curve public key algorithms (2010)"},{"key":"11_CR4","unstructured":"BlackBerry: Certicom device certification authority for zigbee smart energy (nd). https:\/\/blackberry.certicom.com\/en\/products\/managed-certificate-service\/smart-energy-device-certificate-service"},{"key":"11_CR5","unstructured":"Brown, D.R.: SEC 2: Recommended elliptic curve domain parameters. In: Standars for Efficient Cryptography (2010)"},{"key":"11_CR6","unstructured":"Brown, D.R., Campagna, M.J., Vanstone, S.A.: Security of ECQV-certified ECDSA against passive adversaries. Cryptology ePrint Archive (2009)"},{"key":"11_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/3-540-46088-8_15","volume-title":"Financial Cryptography","author":"DRL Brown","year":"2002","unstructured":"Brown, D.R.L., Gallant, R., Vanstone, S.A.: Provably secure implicit certificate schemes. In: Syverson, P. (ed.) FC 2001. LNCS, vol. 2339, pp. 156\u2013165. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46088-8_15"},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"Brubaker, C., Jana, S., Ray, B., Khurshid, S., Shmatikov, V.: Using frankencerts for automated adversarial testing of certificate validation in SSL\/TLS implementations. In: 2014 IEEE Symposium on Security and Privacy, pp. 114\u2013129. IEEE (2014)","DOI":"10.1109\/SP.2014.15"},{"key":"11_CR9","unstructured":"Campagna, M.: SEC4: Elliptic curve Qu-Vanstone implicit certificates, version 1.0. Tech. rep., Standards for Efficient Cryptography (2013)"},{"key":"11_CR10","unstructured":"ETSI, T.: ETSI TS 103 097 v1.1.1-intelligent transport systems (ITS); security; security header and certificate formats. Standard, TC ITS (2013)"},{"key":"11_CR11","unstructured":"Ford, W., Poeluev, Y.: The machine-to-machine (M2M) public key certificate format. Internet-Draft draft-ford-m2mcertificate-00, IETF Secretariat (2015)"},{"key":"11_CR12","unstructured":"Forum, N.: Signature record type definition, technical specification, v2.0 (2014)"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: validating SSL certificates in non-browser software. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 38\u201349 (2012)","DOI":"10.1145\/2382196.2382204"},{"key":"11_CR14","unstructured":"IEEE 1609 Working Group and others: IEEE standard for wireless access in vehicular environments-security services for applications and management messages. IEEE STD 1609(2) (2016)"},{"issue":"1","key":"11_CR15","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/s102070100002","volume":"1","author":"D Johnson","year":"2001","unstructured":"Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36\u201363 (2001)","journal-title":"Int. J. Inf. Secur."},{"key":"11_CR16","unstructured":"Labs, M.: What CVE-2020-0601 teaches us about Microsoft\u2019s TLS certificate verification process (2020). https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/what-cve-2020-0601-teaches-us-about-microsofts-tls-certificate-verification-process\/"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"Mavrogiannopoulos, N., Vercauteren, F., Velichkov, V., Preneel, B.: A cross-protocol attack on the TLS protocol. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 62\u201372 (2012)","DOI":"10.1145\/2382196.2382206"},{"key":"11_CR18","unstructured":"Msahli, Cam-Winget, W.: Internet X.509 public key infrastructure certificate. Tech. rep., RFC 8902 (2020)"},{"key":"11_CR19","unstructured":"National Security Agency: Patch critical cryptographic vulnerability in Microsoft windows clients and servers (2020). https:\/\/media.defense.gov\/2020\/Jan\/14\/2002234275\/-1\/-1\/0\/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF"},{"key":"11_CR20","unstructured":"Paganini, P.: Two PoC exploits for CVE-2020-0601 nsacrypto flaw released (2020). https:\/\/securityaffairs.co\/wordpress\/96486\/uncategorized\/cve-2020-0601-nsacrypto-exploits.html"},{"key":"11_CR21","unstructured":"Poeluev, Y., Ford, W.: Transport layer security (TLS) and datagram transport layer security (DTLS) authentication using m2m certificate. IETF Secretariat (2015)"},{"key":"11_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/3-540-68339-9_33","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201996","author":"D Pointcheval","year":"1996","unstructured":"Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387\u2013398. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68339-9_33"},{"key":"11_CR23","doi-asserted-by":"crossref","unstructured":"Polk, T., Housley, R., Bassham, L.: Algorithms and identifiers for the internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. Tech. rep., RFC 3279 (2002)","DOI":"10.17487\/rfc3280"},{"key":"11_CR24","doi-asserted-by":"crossref","unstructured":"Pollicino, F., Stabili, D., Ferretti, L., Marchetti, M.: An experimental analysis of ECQV implicit certificates performance in VANETs. In: 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall), pp. 1\u20136. IEEE (2020)","DOI":"10.1109\/VTC2020-Fall49728.2020.9348712"},{"key":"11_CR25","unstructured":"Qi\u2019an Xin Codesafe: Detailed analysis of CVE-2020-0601 vulnerability (in Chinese) (2020). https:\/\/blog.csdn.net\/smellycat000\/article\/details\/104057852"},{"key":"11_CR26","unstructured":"Romailer, Y.: CVE-2020-0601: The Chainoffools\/Curveball attack explained with POC (2020). https:\/\/research.kudelskisecurity.com\/2020\/01\/15\/cve-2020-0601-the-chainoffools-attack-explained-with-poc\/"},{"key":"11_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/0-387-34805-0_22","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"CP Schnorr","year":"1990","unstructured":"Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239\u2013252. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_22"},{"key":"11_CR28","unstructured":"Simpson, J.: A technical analysis of Curveball (cve-2020-0601) (2020). https:\/\/www.trendmicro.com\/en_us\/research\/20\/b\/an-in-depth-technical-analysis-of-curveball-cve-2020-0601.html"},{"key":"11_CR29","unstructured":"Wagner, D., Schneier, B., et al.: Analysis of the SSL 3.0 protocol. In: The Second USENIX Workshop on Electronic Commerce Proceedings, vol. 1, pp. 29\u201340 (1996)"},{"key":"11_CR30","doi-asserted-by":"crossref","unstructured":"Whyte, W., Weimerskirch, A., Kumar, V., Hehn, T.: A security credential management system for V2V communications. In: 2013 IEEE Vehicular Networking Conference, pp. 1\u20138. IEEE (2013)","DOI":"10.1109\/VNC.2013.6737583"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-51476-0_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T07:05:28Z","timestamp":1704870328000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-51476-0_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031514753","9783031514760"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-51476-0_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"11 January 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Hague","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"The Netherlands","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 September 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2023.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"478","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"93","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}